Clicking anywhere on the page will – if you are logged into Facebook – update your Facebook page without your permission to say that you also “Like” the page. You are probably oblivious to this, of course, as by now your web browser has been redirected to pictures of attractive female celebrities on the website of men’s magazine Maxim.

It’s quite startling how well these “likejacking” attacks can spread via social networks like Facebook.

By hiding an invisible button under your mouse, the hackers are able to capture your click wherever you click on the webpage. So your mouse press is hijacked and secretly clicks on a button which tells Facebook that you ‘like’ the webpage instead.
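For anyone triaging a saved copy of a suspect page, the hidden button described above can be looked for statically. The following is an added example, not code from the original post: it assumes the button is a Facebook Like widget iframe (host `facebook.com`, path containing `/plugins/like`) made transparent with inline CSS `opacity`, and the sample markup is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: widget host and path hint; only inline styles are inspected.
WIDGET_HOST = "facebook.com"
WIDGET_PATH_HINT = "/plugins/like"

# Constructed sample page: one ordinary Like button, one transparent overlay.
SAMPLE = """<html><body>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com%2F"
        style="width:90px; height:21px; border:none"></iframe>
<iframe src="//www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.org%2F"
        style="position:absolute; opacity: 0; z-index:99"></iframe>
</body></html>"""

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    pairs = (d.partition(":") for d in style.split(";"))
    return {n.strip().lower(): v.strip().lower() for n, sep, v in pairs if sep}

def invisible_but_clickable(props):
    """Opacity near zero hides a frame while it still receives clicks."""
    try:
        return float(props.get("opacity", "1")) < 0.1
    except ValueError:
        return False

class LikeFrameAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {k: (v or "") for k, v in attrs}
        url = urlparse(attr.get("src", ""))
        host = (url.hostname or "").lower()
        on_widget_host = host == WIDGET_HOST or host.endswith("." + WIDGET_HOST)
        if (on_widget_host and WIDGET_PATH_HINT in url.path
                and invisible_but_clickable(parse_style(attr.get("style", "")))):
            self.findings.append((self.getpos()[0], attr["src"]))

def audit(html):
    """Return (line, src) for every hidden Like-widget iframe in the markup."""
    auditor = LikeFrameAuditor()
    auditor.feed(html)
    return auditor.findings
```

Because it reads inline styles only, a frame hidden through a stylesheet or by script after load will not be reported; treat an empty result as inconclusive.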

Why are people creating clickjacking worms like this? The answer is simple – to make money. The site is part of the CPALead advertising network, popping up a survey asking for personal information, and helping to generate revenue for those behind this scam.

Facebook really needs to grab this problem by the horns, as it is increasingly being struck by clickjacking worms. The social network should tighten up the way it handles the ‘liking’ of external webpages before it is more widely abused by malicious hackers and spammers.

It’s perhaps no surprise that many people (well, guys at the very least) are all too happy to click on a link which promises to show them pictures of the 101 hottest women in the world.

If you believe you may have been hit by this attack, view the recent activity on your news feed, check your recent activity, and delete entries related to the link. You may also be wise to warn your friends if they might have followed your lead and also clicked on the link.

If you’re a regular user of Facebook, you should join the Sophos page on Facebook to be kept informed of the latest security threats.